PalveronPalveronDocs

MCP Setup Guide

Set up governance for Cursor, Windsurf and Claude Code.

The MCP (Model Context Protocol) Gateway enables governance of tool calls by coding agents like Cursor, Windsurf and Claude Code. Every tool call passes through Palveron for policy checks, PII detection and audit logging.

How It Works

  1. You register the target MCP server (e.g. your database or email MCP server) with Palveron
  2. Your coding agent talks to Palveron's per-server proxy endpoint instead of the MCP server directly
  3. Guardrails check the tool name, parameters and context against your policies
  4. If approved, the call is forwarded to the actual MCP server
  5. The result is logged as a trace with a complete audit trail

Step 1 — Register the target MCP server

Palveron can proxy requests to any MCP server. Register servers via the dashboard or API:

Dashboard

  1. Navigate to MCP GatewayMCP Servers
  2. Click + Register Server
  3. Enter the server URL and authentication details
  4. Palveron automatically scans the server for available tools

API

curl -X POST https://gateway.palveron.com/api/v1/mcp/servers \
  -H "Authorization: Bearer pv_live_your_project_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Salesforce MCP",
    "server_url": "https://mcp.salesforce.com/sse"
  }'

Required fields: name, server_url. Optional: description, connector_type, auth_method, auth_config (free-form JSON), is_proxied. The response contains the server id — you need it for the proxy URL below.

From Connector Template

Palveron includes 11 preconfigured connector templates for popular services:

curl -X POST https://gateway.palveron.com/api/v1/mcp/servers/from-template \
  -H "Authorization: Bearer pv_live_your_project_key" \
  -H "Content-Type: application/json" \
  -d '{ "template": "salesforce", "name": "Our Salesforce", "server_url": "https://..." }'

template is required; name and server_url are optional overrides. Available templates: Salesforce, Microsoft Copilot, ServiceNow, Slack AI, Teams Copilot, Zendesk AI, Intercom Fin, AWS Bedrock, Azure AI, Cursor, Claude Code. Creating from a template also seeds the template's tool policies and triggers an immediate tool scan.

Step 2 — Point your coding agent at the proxy

The governed endpoint is the per-server JSON-RPC proxy:

https://gateway.palveron.com/api/v1/mcp/proxy/{server_id}

It accepts any JSON-RPC 2.0 request (initialize and tools/list pass through; tools/call is policy-checked). Optionally send an X-Agent-Id header with a registered agent id so calls are attributed to that agent — an unknown id is treated as anonymous.

Cursor

Open Cursor Settings → MCP Servers → Add Server:

{
  "mcpServers": {
    "palveron-governed-salesforce": {
      "url": "https://gateway.palveron.com/api/v1/mcp/proxy/{server_id}",
      "headers": {
        "Authorization": "Bearer pv_live_your_project_key",
        "X-Agent-Id": "ckagent..."
      }
    }
  }
}

Windsurf

Windsurf uses the same MCP configuration format — add the same entry under Windsurf Settings → MCP.

Claude Code

For Claude Code (Anthropic's CLI agent), add the same MCP server entry to your configuration.

For self-hosted deployments, replace the host with your gateway (e.g. http://localhost:8080/api/v1/mcp/proxy/{server_id}).

Step 3 — Tool Policies

Create policies for specific tool calls (bind the policy to a scanned tool via mcp_tool_id from GET /api/v1/mcp/servers/{id}/tools):

curl -X POST https://gateway.palveron.com/api/v1/mcp/policies \
  -H "Authorization: Bearer pv_live_your_project_key" \
  -H "Content-Type: application/json" \
  -d '{
    "mcp_tool_id": "clxyz...",
    "action": "REQUIRE_APPROVAL",
    "reason": "Destructive database operations require human approval"
  }'
ActionBehavior
ALLOWTool call is forwarded without intervention
DENYTool call is rejected with a reason
REQUIRE_APPROVALTool call is paused until a human approves or rejects
LOG_ONLYTool call is forwarded but flagged for review

Any other action value returns 400 listing the allowed set. See the MCP API reference for the full body.

Approval Queue

When a tool call triggers a REQUIRE_APPROVAL policy, it is placed in the queue:

  1. The coding agent pauses and waits
  2. A notification is sent via the configured webhook (Slack/Teams)
  3. An approver reviews the tool call in the MCP Approvals dashboard
  4. On approval, the call is forwarded; on rejection, an error is returned

Tool Scanning & Poisoning Detection

Palveron automatically scans registered MCP servers for tool definitions. If a tool's description changes between scans (potential rug pull / tool poisoning), it is flagged:

  • Dashboard shows a warning badge on the affected server
  • The Command Center surfaces a critical alert
  • Optionally, affected tools are automatically blocked pending review

Monitoring

All MCP tool calls appear in the Command Center with dedicated metrics:

  • Total tool calls over the selected period
  • Blocked tool calls
  • Active / failing MCP servers
  • Pending approvals
  • Suspected poisoning cases

Next Steps

On this page